The new General Data Protection Regulation, or GDPR, will come in to force on the 25th May, 2018 and will overhaul how personal data is processed and handled by all organisations, including our club.
What personal data does Cossington Bridge Club collect, and what is it used for?
The data we routinely collect includes members’ names, addresses, email addresses, telephone numbers and EBU membership number where applicable and date of joining. We collect this data directly from our members when they join the club.
For some of our members we may have additional information such as committee memberships, teaching qualifications (with the member’s knowledge and permission), or tournament director roles.
We collect the scores from games played, which are displayed on our results pages on Bridgewebs and used in maintaining the competition results on the Competitions pages.
Who is your data shared with?
Some of the data will be available for use by Bridgewebs acting as a Data Processor on the Club’s behalf. They are not free to pass this on to other organisations that are not connected with Cossington Bridge Club.
Personal data is not passed on by the Club or Bridgewebs to organisations other than those indicated above, whether or not connected with bridge.
Where does this data come from?
Data for most of members comes from them when they join Cossington Bridge Club or when they update their information directly.
Scoring data comes directly from the results of the club games in which you play.
How is your data stored?
This information is mainly stored in digital form on computers and in the form of written documents held by the Secretary of the Club. Bridgewebs is used as the data processor for this purpose. Any information that is stored remotely is stored in compliance with the General Data Protection Regulation (GDPR).
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring Cossington Bridge Club discharges its obligations under the GDPR is the Chairman of the Club.
Who has access to your data?
Members of the committee of Cossington Bridge Club have access to members’ data in order for them to carry out their legitimate tasks for the organisation.
Club members have access to members’ data when they are logged onto the Members’ Only Section of the Cossington Bridge Club pages of the Bridgewebs site.
Results of weekly sessions and periodic competitions are freely available on the Cossington Bridge Club pages of the Bridgewebs site
What is the legal basis for collecting this data?
Cossington Bridge Club collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and participant in an internationally recognised and regulated, competitive mind sport.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you can find it on the members only section of the Cossington Bridge Club pages of Bridgewebs or you should contact any member of the Committee.
Does Cossington Bridge Club collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. This includes such information as race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, sexual orientation. The club does not record or hold any such data.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
- If you wish you could become an “anonymous” member. This would involve you having a pseudonym with an EBU number under which you would play.
- You could maintain your club membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but of course this would limit what we are able to provide you with in the way of written information
- You may choose not to receive information emails from Cossington Bridge Club.
- Any of these options can be implemented for your club membership by contacting Cossington Bridge Club.
How long we keep your data for, and why?
We normally keep members’ data after they resign or their membership lapses in case they later wish to re-join. However, we will delete any former member’s contact details entirely on request.
Since underlying statistical data, like scores from bridge games, continues to be necessary in relation to the purpose for which it was originally collected and processed, results from events are not deleted by Cossington Bridge Club although they will no longer be attributed to a player who does not want their data to be kept.
Historical ranking lists and prize lists are required for archiving purposes and names cannot be removed from them.
Other data, such as that relating to accounting or personnel matters, is kept for the legally required period.
What happens if a member dies?
We normally keep members’ information after they die. If requested by their next-of-kin to delete it we will do so on the same basis as when requested to remove data by a former member.
Can you download your data to use it elsewhere?
To access data held by Cossington Bridge Club contact any member of the Committee.